What is claimed is: 



CLAIMS 



1 LA method of controlling content usage in a personal communication device 

2 using a decryption key that is divided into a plurality of key-shares, the method 

3 comprises: 

4 providing the personal coromunication device a first key-share in response 

5 to a request for content; and 

6 verifying credit of a user of the personal communication device; 

7 providing the personal communication device a second key-share when the 

8 credit is confirmed; and 

9 combining the first and second key-shares with a third key share stored in 
1 0 the personal conmiimication device for use in decrypting content. 

1 2, The method as claimed in claim 1 wherein the method includes: 

2 monitoring usage of the content with a security processor of the personal 

3 communications device; and 

4 purging at least one of the key-shares firom the personal communication 

5 device when the usage exceeds one of a set of measurement parameters stored in 

6 the personal communications device of the set. 

1 3, The method as claimed in claim 2 further comprising receiving the request for 

2 the content firom the personal communication device, the request identifying the 

3 content and the measurement parameters for the content. 

1 4. The method as claimed in claim 1 further including: 

2 receiving the content fi-om a content server in a security server; 

3 encrypting the content in the security server with the encryption key; and:' 

4 providing the encrypted content firom the security server to the personal 

5 communication device over a wireless coromunication link. 
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1 5, The method as claimed in claim 4 wherein the content server and the security 

2 server communicate over a non-secure network, and the method includes the 

3 content server adding security to the content prior to providing the content to the 

4 security server. 

1 6. The method as claimed in claim 1 wherein the providing the first of the key- 

2 shares is performed by a security server in communication with the personal 

3 conmiunication device. 

1 7, The method as claimed in claim 1 wherein the third of the key-shares is stored 

2 in a subscriber identity module (SIM) associated with the user, and wherein a 

3 fourth of the key-shares is stored in the personal conmiunication device and 

4 associated with a security processor of the personal communication device, and 

5 wherein the security processor combines the first, second, third and fourth key- 

6 shares to decrypt the encrypted content. 

1 8, The method as claimed in claim 1 wherein the verifying credit of the user and 

2 the providing the second of the key-shares to the personal communication device 

3 are performed by a finance server in communication with the personal 

4 communication device. 

1 9, The method as claimed in claim 1 wherein the plurality of key-shares are 

2 Blakley-Shamir key-shares. 

1 10. The method as claimed in claim 1 wherein the content comprises either video 

2 content or music content. 

1 11. The method as claimed in claim 1 further comprising generating a set of' 

2 measuring parameters comprising at least one of a date-limit, a run-time hmit, and 

3 an iteration limit, and wherein the personal communication device monitors usage 

4 of the content with respect to the measxurement parameters and purges at least one 
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5 of the key-shares when the usage exceeds one of the measurement parameters of 

6 the set. 

1 12. The method as claimed in claim 1 1 comprising a content server defining the 

2 set of measurement parameters based on preferences of a content provider. 

1 13. The method as claimed in claim 1 1 wherein the date-limit defines an end 

2 calendar date for playing the content, the run-time limit defines a maximum 

3 amount of time for playing portions of the content, and the iteration limit defines a 

4 maximum number of times for playing the content or portions thereof 

1 14. The method as claimed in claim 12 wherein the measurement parameters have 

2 an authentication code associated therewith, and wherein a security processor of 

3 the personal communication device purges at least one of the key-shares when the 

4 authentication code fails to authenticate. 

1 15. The method as claimed in claim 1 wherein the personal communication device 

2 receives the first and second of the key-shares over a wireless communication 

3 link. 

1 16. A processing system for use in a personal commimication device, the 

2 processing system comprising: 

3 a security processor portion to combine a plurality of key-shares and 

4 decrypt content for the processing system, the security processor portion including 

5 a monitor for usage of the content constructed and arranged to purge at least one 

6 of the key-shares when the usage exceeds a measurement parameter; and 

7 a commxmications processor portion to receive decrypted content from the 

8 security processor portion and providing decrypted content for playing on the 

9 personal communication device. 
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1 17. The processing system as claimed in claim 16 wherein the measurement 

2 parameters have an authentication code associated therewith and wherein the 

3 security processor portion purges at least one of the key-shares when the 

4 authentication code fails to authenticate. 

1 18. The processing system as claimed in claim 16 wherein the security processor 

2 portion has a first of the key-shares stored therein, retrieves a second of the key- 

3 shares fi^om a subscriber identity module inserted into the personal 

4 communication device, and receives a third of the key-shares firom a finance 

5 server when a user's credit is verified for use of the content. 

1 19. The processing system as claimed in claim 16 wherein the measurement 

2 parameters comprise at least one of a date-limit, a run-time limit, and an iteration 

3 limit, and wherein the security processor portion monitors usage of the content 

4 with respect to the measurement parameters and purges at least one of the key- 

5 shares when the usage exceeds one of the measurement parameters of the set. 

1 20, The processing system as claimed in claim 16 fiirther comprising an 

2 apphcations processor portion to process applications running on the personal 

3 communication device, and wherein the security processor portion, 

4 communications processor portion and applications processor portion are part of a 

5 processor area and fabricated on an application specific integrated circuit (ASIC). 

1 2 1 . A personal conmiunication device comprising: 

2 a processor area to store first key-share therein; 

3 a module receiving area to receive a subscriber identity module (SIM), the 

4 SIM having a second-key share stored therein; and ^ 

5 an RF interface to receive a third key-share and encrypted content over a 

6 wireless communication link, 

7 wherein the processor area includes apparatus constructed and arranged to 

8 combine the first, second and third key-shares to decrypt the encrypted content 

9 and monitor playing of the decrypted content against measurement parameters. 
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1 22. A personal communication device as claimed in claim 21 wherein the 

2 measurement parameters have an authentication code associated therewith and 

3 wherein the processor area purges at least one of the key-shares when usage of the 

4 content exceeds a measurement parameter, or when the authentication code fails 

5 to authenticate. 

1 23. A personal communication device as claimed in claim 21 wherein the 

2 processor area receives the third key-share from a finance server when a user is 

3 approved for use of the content in accordance with the measurement parameters. 
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